13. Basic Server Behavior

This section defines the behavior of a basic, standalone STUN server. A basic STUN server provides clients with server reflexive transport addresses by receiving and replying to STUN Binding requests.

The STUN server MUST support the Binding method. It SHOULD NOT utilize the short-term or long-term credential mechanism. This is because the work involved in authenticating the request is more than the work in simply processing it. For the same reason, it SHOULD NOT utilize the ALTERNATE-SERVER mechanism. It MUST support UDP and TCP. It MAY support STUN over TCP/TLS; however, TLS provides minimal security benefits in this basic mode of operation. It MAY utilize the FINGERPRINT mechanism but MUST NOT require it. Since the standalone server only runs STUN, FINGERPRINT provides no benefit. Requiring it would break compatibility with RFC 3489, and such compatibility is desirable in a standalone server. A standalone STUN server SHOULD support backwards compatibility with [RFC3489] clients, as described in Section 12.

It is RECOMMENDED that administrators of STUN servers provide DNS entries for those servers, as described in Section 9.

A basic STUN server is not a solution unto itself for NAT traversal. Rather, it is a tool that can be utilized as part of a solution through a STUN usage. This is discussed further in Section 14.